Master Signing Keys

This page lists the Arch Linux Master Keys. This is a distributed set of
keys that are seen as "official" signing keys of the distribution. Each key
is held by a different developer, and a revocation certificate for the key
is held by a different developer. Thus, no one developer has absolute hold
on any sort of absolute, root trust.

The 1 key listed below should be
regarded as the current set of master keys. They are available on public
keyservers and should be signed by the owner of the key.

Master Key Signatures

The following table shows all active developers and trusted users along
with the status of their personal signing key. A 'Yes' indicates that the
personal key of the developer is signed by the given master key. A 'No'
indicates it has not been signed; however, this does not necessarily mean
the key should not be trusted.

All official Arch Linux developers and trusted users should have their
key signed by at least three master keys if they are responsible for
packaging software in the repositories. This is in accordance with the PGP
web of trust concept. If a user is willing to marginally trust all
of the master keys, three signatures from different master keys will
consider a given developer's key as valid. For more information on trust,
please consult the
GNU Privacy Handbook
and Using trust to
validate keys.